Date: Fri, 12 Jan 2024 13:20:34 -0500
From: Derek Schrock <dereks@lifeofadishwasher.com>
To: Craig Leres <leres@freebsd.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: poudriere 3.4.0 regression: -i runs as NON_ROOT user
Message-ID: <ZaGC8pOtQ-cQV05A@ircbsd.lifeofadishwasher.com>
In-Reply-To: <bbd3b92d-40f3-41f6-a802-001610b35c8b@freebsd.org>
References: <bbd3b92d-40f3-41f6-a802-001610b35c8b@freebsd.org>

On Thu, Jan 11, 2024 at 07:33:25PM EST, Craig Leres wrote:
> I posted an issue on the poudriere github a few weeks ago but have not
> gotten any feedback so let me ask the question here; is it now expected that
> "poudriere -i" is supposed to run as a non-root user when normal poudriere
> bulk builds run as root?
>
> Here's the github issue:
>
> https://github.com/freebsd/poudriere/issues/1100
>
> The appended is the way I have debugged ports ever since I first learned how
> to use poudriere 7 years ago. Now I have to take the additional step of
> using jexec to get a root shell in the jail otherwise bsd.port.mk thinks UID
> = 0 and tries to chown/chmod things which doesn't work when it's actually
> running as nobody...
>
> Craig
>
> zinc 1 # poudriere bulk -i -j 13release -p current ports-mgmt/pkg
> nobody@zinc:/usr/ports/ports-mgmt/pkg % ps ut
> USER     PID %CPU %MEM   VSZ  RSS TT STAT STARTED    TIME COMMAND
> root   13864  0.0  0.0 13680 2964  1 SJ   21:39   0:00.00 login [pam] (login)
> root   13865  0.0  0.0 13656 2972  1 SJ   21:39   0:00.01 su -m nobody -c csh
> nobody 13869  0.0  0.0 13936 3196  1 SJ   21:39   0:00.00 _su -m -c csh (csh)
> nobody 13871  0.0  0.0 13936 3836  1 SJ   21:39   0:00.01 csh
> nobody 14094  0.0  0.0 13444 2852  1 R+J  21:39   0:00.00 ps ut
> nobody@zinc:/usr/ports/ports-mgmt/pkg %
>

You can `su -l` as nobody in the jail to get to root too. Still extra but
I do believe it is executed that interactive is started as non-root when
building as non-root.